Blog:
http://ddanchev.blogspot.com/2009/11/koobface-botnets-scareware-business.html
WEDNESDAY, NOVEMBER 11, 2009
“Koobface Botnet’s Scareware Business Model - Part Two”
(Posted by Dancho Danchev at Wednesday, November 11, 2009)
SNIPPET: “UPDATED - Tuesday, November 17, 2009: Koobface is resuming scareware (Inst_312s2.exe) operations at 91.212.107.103 which was taken offline for a short period of time. ISP has been notified again, action should be taken shortly. The current domain portfolio including new ones parked there:”
Blog:
http://ddanchev.blogspot.com/2009/11/massive-scareware-serving-blackhat-seo.html
TUESDAY, NOVEMBER 17, 2009
“Massive Scareware Serving Blackhat SEO, the Koobface Gang Style”
(Posted by Dancho Danchev at Tuesday, November 17, 2009)
SNIPPET: “Ali Baba and the 40 thieves LLC are once again multi-tasking, this time compromising hundreds of thousands of web sites, and redirecting Google visitors — through the standard http referrer check — to scareware serving domains.
What’s so special about the domains mentioned in Cyveillance’s post, as well as the ones currently active on this campaign? It’s the Koobface connection.”